rainbow tables at Shmoocon

[jd.mubix at gmail.com (Rob Fuller)]

The way (at least from the 5000 mile view I had) that 26C3 operated
was like the {old} FTP era, you have an upload folder that was
"Download at your own risk" and then some verified directories of
goodness

So, when you ask Drobo, ask for the one with drives and network
capable. Or, you could attach it to a BSD box with vsftp.

Either way
1) I think if you aren't gonna trust it, don't download it
2) we need more than just a Drobo to run this thing. A tiny bit of
infrastructure needs to happen as well.


--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com



On Wed, Jan 6, 2010 at 10:55 AM, Robin Wood <dninja at gmail.com> wrote:
> 2010/1/6 Jim Halfpenny <jim.halfpenny at gmail.com>:
> > I'm not sure I would trust the rainbow tables in such a collection. It would
> > be easy to drop poisoned tables where a pecentage of the values were bogus.
> > Nice idea in principle but if you have the CPU time to verify the tables so
> > they are trustworthy you could just generate them yourself.
> >
> > Mind you, I wouldn't mind some more exotic rainbow tables - Oracle password
> > hashes anyone?
> >
> > Jim
>
> I'm hoping that the community spirit will keep the tables clean and
> useful. Like someone said earlier, most of the people on this list who
> are likely to contribute are known names and can probably be vouched
> for by the rest of the list.
>
> Lets just hope someone doesn't work out a 0-day for one of the
> cracking apps that involves a specially crafted table!
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com